package com.xxx.shetuan3.config;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http
               .formLogin()
               //自定义登陆页面
               //.loginPage("/login.html")
               //登录时使用的url
               .loginProcessingUrl("/login")
               .successForwardUrl("/loginsuccess")
               .failureForwardUrl("/loginfailed");

       http
               .exceptionHandling()
            // .authenticationEntryPoint(new My401())
               .accessDeniedHandler(new My403());

       http
               .authorizeRequests()
               .antMatchers("/**").permitAll()
               //.antMatchers("/login.html").permitAll()
               //.antMatchers("/admin/**").hasRole("admin")
               //.antMatchers("/student/**").permitAll()

               //.antMatchers("/login.html").permitAll()
              // .antMatchers("/doc.html").permitAll()
               //.antMatchers("/student/**").hasAnyRole("student,chief")
               //.antMatchers("/admin/**").hasAnyRole("admin");
               .anyRequest().authenticated();
       http.csrf().disable();

    }
}





